[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ga] Registration process suggestion



This is an interesting idea - but that means that the DNSO becomes the CA.
This is not without problems and dangers.

Two families of issues:

1) what sort of credential(s) will it demand?

2) liability exposure.  Putting in a zero cent reliance limit will help,
but to be worried about how the recipient might use the cert. for
non-ICANN related stuff, and the possible consequences for the CA, have a
look at "The essential role of trusted third parties in electronic
commerce," http://www.law.miami.edu/~froomkin/articles/trusted.htm which
sets out some problems one might encounter in the absence of legislation.  
Since that was written, many jurisdictions have legislated.  One could
locate the DNSO-CA in a suitable jurisdiction with a (relatively) friendly
statute.  Even so, (A) this usually means taking on some duties to audit
or be audited, which costs money; (B) it doesn't tell you much about
liability for foreign and/or cross-border uses of the cert.

I had assumed you meant outsourcing, to make all this Someone Else's
Problem....

On Thu, 3 Feb 2000, William X. Walsh wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> On 04-Feb-2000 Michael Froomkin - U.Miami School of Law wrote:
> > I think a solution that relies on access to a CA will be biased against
> > most of the world.  CAs are not accessible to most people in most
> > countries, at least not yet.  then there's the problem of concentration in
> > the CA market .... we don't have a clear idea of what a trustworthy
> > identity cert is likely to cost in even the near future.
> 
> The DNSO can setup their own, signing people's OpenPGP keys themselves with a
> special signing key.  PGP is available over the net, free, to anyone.
> 
> GnuPG is an openpgp implementation that is totally free, and the source code is
> available as well under the Gnu Public License.
> 
> There are PGP or GnuPG programs for nearly every OS/Computer platform out
> there, and with the command line programs can be used with any email client at
> all.
> 
>  
> 
> - --
> William X. Walsh <william@dso.net>
> DSo Networks  http://dso.net/
> Fax: 877-860-5412 or +1-559-851-9192
> GPG/PGP Key at http://dso.net/wwalsh.gpg
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.1 (GNU/Linux)
> Comment: DSo Networks
> 
> iD8DBQE4mliW8zLmV94Pz+IRAonPAJ9nwWp+kF/lz2cwZDEpM57sFtDA1QCgl6EC
> BCX5a0hifZngYlZsY0B1oZk=
> =4eMI
> -----END PGP SIGNATURE-----
> 

-- 

A. Michael Froomkin   |    Professor of Law    |   froomkin@law.tm
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
                        -->It's warm here.<--